CIO magazine has named its top 10 outsourcing trends for 2015. Speaking with consultants, lawyers, and service providers, CIO predicts a big year ahead for the multibillion-dollar industry as both standardization and flexibility become big drivers in the marketplace over the next 12 months. This year may also witness a new era of faster sourcing decisions and the end of an old standby: the request for proposal (RFP) process.

Among the key trends, pricing and market response remain the biggest drivers. Sourcing experts predict a shift in the cost of outsourcing as companies on both sides of deals embrace outcome-based pricing as a hedge against expensive, upfront investment costs. Analysts also expect to see businesses opting for multisource cloud-based solutions rather than the tower-based outsourcing model that has been dominant in the industry for years. Such a decentralized approach should drive down costs while decreasing the risk inherent in sole-supplier outsourcing arrangements.

Finally, as customers look to make quick decisions on whether to use new and rapidly evolving technologies, outsourcing providers expect to see fewer RFPs. Instead of the time-consuming RFP process, procurement teams will face pressure to integrate outsourced solutions on a faster timeline than the RFP typically allows, and business discussions with providers about the integration outsourcing proposals and solutions are likely to proceed in parallel with legal negotiations.

Check out the full top 10 here.

As the number of apps available from foreign-based companies to consumers in the United States continues to grow, the Federal Trade Commission (FTC) has issued a pointed warning to application developers whose product offerings target children in the United States. In a letter sent last month to BabyBus, a China-based mobile app developer, the FTC warned the company that its apps were not in compliance with the Children’s Online Privacy Protection Act (COPPA). Although not the first time that the FTC has advised foreign companies of their COPPA obligations, this is first time since the FTC revised its COPPA rules in mid-2013 that the agency has publicly warned a foreign-based company of noncompliance.

Stating that BabyBus advertises in various app stores as “a leader in early childhood education software,” with approximately 60 apps using cartoon characters that teach children letters, numbers, shapes, and music, the FTC noted that the apps “appear to collect precise geolocation information that is transmitted to third parties” without the appropriate consent. Under COPPA, websites and online services involved in commerce in the United States and directed at children under 13 must provide notice of such practices and obtain verifiable parental consent before collecting, using, or disclosing any personal information—including GPS-based locations—from children. As the FTC reminded BabyBus, foreign-based companies that make commercial apps available to consumers in the United States are subject to these COPPA requirements.

New Jersey Governor Chris Christie signed into law last week a bill that requires health insurance and care providers that do business in the state to encrypt patient information and healthcare data. The new law arose from the discovery of a series of data breaches involving approximately 1 million New Jersey patients’ healthcare information.

The measure goes into effect on August 1 and will apply to health insurance carriers, including health service corporations, hospital service corporations, and health maintenance organizations authorized to issue New Jersey health benefit plans. It bars such health insurance carriers from collecting a patient’s name linked with his or her Social Security number, driver’s license or other state identification number, address, and other identifiable health information unless this data is encrypted or otherwise unusable by an unauthorized third party. Furthermore, the law requires security measures to extend beyond a simple password and mandates that health insurance carriers implement safeguards that render the data unreadable, undecipherable, or otherwise unusable by someone who can bypass the password protection. The law applies to all end-user computers, such as desktops and laptops, and all data and information transmitted via public networks.

Following a New York federal judge’s ruling last year that a warrant issued under the Electronic Communications Privacy Act (ECPA) could reach private content stored in data centers outside of the United States, Microsoft has asked the U.S. Court of Appeals for the Second Circuit to limit the warrant request and reach of the ECPA only to data stored domestically. The outcome of the appeal, which may ultimately head to the U.S. Supreme Court, could have lasting implications for the cloud-computing industry.

The case originated with a request from the government to retrieve records from an account on Microsoft’s Web-based email system. Microsoft turned over address book information and other records stored in U.S. data centers but refused to retrieve email stored offshore in Ireland. Microsoft requested that the government comply with the processes set forth in the U.S.-Ireland Mutual Legal Assistance Treaty (MLAT), but a magistrate judge determined that the ECPA “does not implicate principles of extraterritoriality.” The judge further found that the MLAT process would be too “burdensome and uncertain” for Congress to have intended that the government use it. The magistrate ordered Microsoft to turn over all requested data, even data stored overseas.

If you are a fan of writing product or service reviews for sites such as Yelp, then California law just made it a lot easier for you to do so. The state recently passed a new law that makes it unlawful to include nondisparagement clauses in consumer contracts. Nondisparagement clauses generally restrict individuals from making statements or taking any other action that negatively affects an organization, including its reputation, products, services, management, or employees.

The new law, codified at California Civil Code section 1670.8, which took effect January 1, specifically provides that “a contract or proposed contract for the sale or lease of consumer goods or services may not include a provision waiving the consumer’s right to make any statement regarding the seller or lessor or its employees or agents, or concerning the goods or services.” It is also “unlawful to threaten or to seek to enforce a provision made unlawful under this section, or to otherwise penalize a consumer for making any statement protected under this section.”

As business adoption continues to grow, cloud computing and cloud-based systems have again been selected as major technology trends for 2015. Gartner’s recent industry overview focused on how mobile adoption and the need to maintain services and applications across multiple systems will drive more businesses toward cloud-based products. Meanwhile, as analysts continue to predict a $200 billion market for public cloud computing within the next five years, business leaders have begun to embrace cloud services for reasons that extend well beyond promised information technology (IT) cost savings.

In its annual cloud survey of business executives, consultants at KPMG examined why organizations move to the cloud, and even as nearly half cited cost effectiveness, the need to meet the demands of a mobile workplace comes in as a close second. Of IT decision makers surveyed, 42% say that mobile considerations drive the cloud conversion—a jump of nearly 30 points since 2012. The two biggest factors behind mobile adoption are increased productivity and employee satisfaction. These go hand-in-hand as employees are able to use their mobile devices to access their work systems and be productive while on the go.

As international agreements, particularly those in the technology sector, continue to become more common, how can you increase your chances of a predictable interpretation should “breach of contract” become an Olympic contest for your organization?

A natural inclination is to push for U.S. law in your international agreements and call it a day if you can come to terms. New York is widely regarded as an international forum for international agreements, for example. But there are a few aspects to international law that you should consider when deciding how dispute resolution should be negotiated in your agreements:

  • Not all foreign jurisdictions play nice with judgments issued by U.S. courts. For example, China will not enforce a U.S. court judgment. Accordingly, savvy Chinese companies are quick to jump on proposals to take, for example, New York law and choice of forum provisions because a judgment in any dispute would not be enforceable, and the U.S. entity would have to bring a new action on the merits in Chinese courts to seek enforcement. Not ideal.

Websites are facing lawsuits alleging that the information collected and transmitted about viewers of their video content violates the Video Privacy Protection Act (VPPA), a 1988 law originally aimed at prohibiting video rental companies from disclosing the video tape rental records of consumers. In recent years, federal courts have held that the law applies to all video, regardless of technical format. Even more recently, plaintiffs are using the law to apply to website operators that host streaming video.

The Video Privacy Protection Act

The VPPA prohibits a video tape service provider from knowingly disclosing, to any person, personally identifiable information concerning any consumer of the provider without the consumer’s informed, written consent. VPPA provides for a private right of action, including statutory damages not less than $2,500 per consumer plus attorneys’ fees. Ouch.

Getting your clients to accept legal advice that could impact the user experience on a website is an uphill battle, but is the tide of that battle shifting?

Certainly, some lawyer, somewhere, two decades ago, had a knock-down, drag-out with his Web development team about how important it would be to obtain a “seasonable expression of acceptance” (yep, just broke out the Uniform Commercial Code on this blog) to ensure that the company website’s Terms of Service and Privacy Policy would remain enforceable. He lost.

In the brief history of the Internet, websites have been dominated by the “shrink wrap” acceptance mechanism for Terms of Service and Privacy Policies. That is, users who visit the sites don’t have to do anything particular to accept these agreements, but instead accept these agreements by virtue of their visitation. Although courts have been willing to enforce these documents to the extent that they are reasonable and not too invasive, trying to enforce anything other than cursory protections is risky at best.

Our cars will soon be talking to one another. They will send messages about their location, speed, acceleration, size, position, and turn-signal status, and they will use that information to tell us what our fellow drivers are doing on the road around us. These future cars will alert us to what we can’t see coming around the corner, helping us avoid potential crashes.

Vehicle-to-vehicle (V2V) communication is an interesting example of how the Internet of Things (IoT) will soon affect our daily lives. Last week, we provided a brief introduction to the IoT in part one of this series. Part two discusses recent regulatory and industry developments related to V2V communications technology and focuses specifically on regulatory and industry responses to privacy issues.